idnits 2.17.1

draft-ietf-netconf-crypto-types-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 125 has weird spacing: '...gorithm enc...'

  == Line 133 has weird spacing: '...lic-key bin...'

  == Line 145 has weird spacing: '...on-date iet...'

  == Line 149 has weird spacing: '...on-date iet...'

  == Line 153 has weird spacing: '...on-date iet...'

  == (6 more instances...)

  -- The document date (June 20, 2019) is 1765 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.2015'

  -- Obsolete informational reference (is this intentional?): RFC 6125
     (Obsoleted by RFC 9525)

     Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2	NETCONF Working Group                                          K. Watsen
3	Internet-Draft                                           Watsen Networks
4	Intended status: Standards Track                                 H. Wang
5	Expires: December 22, 2019                                        Huawei
6	                                                           June 20, 2019

8	                Common YANG Data Types for Cryptography
9	                   draft-ietf-netconf-crypto-types-09

11	Abstract

13	   This document defines YANG identities, typedefs, and groupings useful
14	   for cryptographic applications.

16	Editorial Note (To be removed by RFC Editor)

18	   This draft contains many placeholder values that need to be replaced
19	   with finalized values at the time of publication. This note
20	   summarizes all of the substitutions that are needed. No other RFC
21	   Editor instructions are specified elsewhere in this document.

23	   Artwork in this document contains shorthand references to drafts in
24	   progress. Please apply the following replacements:

26	   o  "XXXX" --> the assigned RFC value for this draft

28	   Artwork in this document contains placeholder values for the date of
29	   publication of this draft. Please apply the following replacement:

31	   o  "2019-06-20" --> the publication date of this draft

33	   The following Appendix section is to be removed prior to publication:

35	   o  Appendix B. Change Log

37	Status of This Memo

39	   This Internet-Draft is submitted in full conformance with the
40	   provisions of BCP 78 and BCP 79.

42	   Internet-Drafts are working documents of the Internet Engineering
43	   Task Force (IETF). Note that other groups may also distribute
44	   working documents as Internet-Drafts. The list of current Internet-
45	   Drafts is at https://datatracker.ietf.org/drafts/current/.

47	   Internet-Drafts are draft documents valid for a maximum of six months
48	   and may be updated, replaced, or obsoleted by other documents at any
49	   time. It is inappropriate to use Internet-Drafts as reference
50	   material or to cite them other than as "work in progress."

52	   This Internet-Draft will expire on December 22, 2019.

54	Copyright Notice

56	   Copyright (c) 2019 IETF Trust and the persons identified as the
57	   document authors. All rights reserved.

59	   This document is subject to BCP 78 and the IETF Trust's Legal
60	   Provisions Relating to IETF Documents
61	   (https://trustee.ietf.org/license-info) in effect on the date of
62	   publication of this document. Please review these documents
63	   carefully, as they describe your rights and restrictions with respect
64	   to this document. Code Components extracted from this document must
65	   include Simplified BSD License text as described in Section 4.e of
66	   the Trust Legal Provisions and are provided without warranty as
67	   described in the Simplified BSD License.

69	Table of Contents

71	   1.  Introduction
72	   2.  The Crypto Types Module
73	     2.1.  Tree Diagram
74	     2.2.  YANG Module
75	   3.  Security Considerations
76	     3.1.  Support for Algorithms
77	     3.2.  No Support for CRMF
78	     3.3.  Access to Data Nodes
79	   4.  IANA Considerations
80	     4.1.  The IETF XML Registry
81	     4.2.  The YANG Module Names Registry
82	   5.  References
83	     5.1.  Normative References
84	     5.2.  Informative References
85	   Appendix A.  Examples
86	     A.1.  The "asymmetric-key-pair-with-certs-grouping" Grouping
87	     A.2.  The "generate-certificate-signing-request" Action
88	     A.3.  The "certificate-expiration" Notification
89	   Appendix B.  Change Log
90	     B.1.  I-D to 00
91	     B.2.  00 to 01
92	     B.3.  01 to 02
93	     B.4.  02 to 03
94	     B.5.  03 to 04
95	     B.6.  04 to 05
96	     B.7.  05 to 06
97	     B.8.  06 to 07
98	     B.9.  07 to 08
99	     B.10. 08 to 09
100	   Acknowledgements
101	   Authors' Addresses

103	1.  Introduction

105	   This document defines a YANG 1.1 [RFC7950] module specifying
106	   identities, typedefs, and groupings useful for cryptography.

108	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
109	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
110	   "OPTIONAL" in this document are to be interpreted as described in BCP
111	   14 [RFC2119] [RFC8174] when, and only when, they appear in all
112	   capitals, as shown here.

114	2.  The Crypto Types Module

116	2.1.  Tree Diagram

118	   This section provides a tree diagram [RFC8340] for the "ietf-crypto-
119	   types" module. Only the groupings are represented, as tree diagrams
120	   have no means to represent identities or typedefs.

122	   module: ietf-crypto-types

124	     grouping symmetric-key-grouping:
125	       +---- algorithm    encryption-algorithm-t
126	       +---- (key-type)
127	          +--:(key)
128	          |  +---- key?          binary
129	          +--:(hidden-key)
130	             +---- hidden-key?   empty
131	     grouping public-key-grouping:
132	       +---- algorithm     asymmetric-key-algorithm-t
133	       +---- public-key    binary
134	     grouping asymmetric-key-pair-grouping:
135	       +---- algorithm     asymmetric-key-algorithm-t
136	       +---- public-key    binary
137	       +---- (private-key-type)
138	          +--:(private-key)
139	          |  +---- private-key?          binary
140	          +--:(hidden-private-key)
141	             +---- hidden-private-key?   empty
142	     grouping trust-anchor-cert-grouping:
143	       +---- cert?    trust-anchor-cert-cms
144	       +---n certificate-expiration
145	          +--ro expiration-date    ietf-yang-types:date-and-time
146	     grouping trust-anchor-certs-grouping:
147	       +---- cert*    trust-anchor-cert-cms
148	       +---n certificate-expiration
149	          +--ro expiration-date    ietf-yang-types:date-and-time
150	     grouping end-entity-cert-grouping:
151	       +---- cert?    end-entity-cert-cms
152	       +---n certificate-expiration
153	          +--ro expiration-date    ietf-yang-types:date-and-time
154	     grouping end-entity-certs-grouping:
155	       +---- cert*    end-entity-cert-cms
156	       +---n certificate-expiration
157	          +--ro expiration-date    ietf-yang-types:date-and-time
158	     grouping asymmetric-key-pair-with-cert-grouping:
159	       +---- algorithm
160	       |       asymmetric-key-algorithm-t
161	       +---- public-key    binary
162	       +---- (private-key-type)
163	       |  +--:(private-key)
164	       |  |  +---- private-key?          binary
165	       |  +--:(hidden-private-key)
166	       |     +---- hidden-private-key?   empty
167	       +---- cert?    end-entity-cert-cms
168	       +---n certificate-expiration
169	          +--ro expiration-date    ietf-yang-types:date-and-time
170	       +---x generate-certificate-signing-request
171	          +---- input
172	          |  +---w subject       binary
173	          |  +---w attributes?   binary
174	          +---- output
175	             +--ro certificate-signing-request    binary
176	     grouping asymmetric-key-pair-with-certs-grouping:
177	       +---- algorithm
178	       |       asymmetric-key-algorithm-t
179	       +---- public-key    binary
180	       +---- (private-key-type)
181	       |  +--:(private-key)
182	       |  |  +---- private-key?          binary
183	       |  +--:(hidden-private-key)
184	       |     +---- hidden-private-key?   empty
185	       +---- certificates
186	       |  +---- certificate* [name]
187	       |     +---- name    string
188	       |     +---- cert?   end-entity-cert-cms
189	       |     +---n certificate-expiration
190	       |        +--ro expiration-date    ietf-yang-types:date-and-time
191	       +---x generate-certificate-signing-request
192	          +---- input
193	          |  +---w subject       binary
194	          |  +---w attributes?   binary
195	          +---- output
196	             +--ro certificate-signing-request    binary

198	2.2.  YANG Module

200	   This module has normative references to [RFC2404], [RFC3565],
201	   [RFC3686], [RFC4106], [RFC4253], [RFC4279], [RFC4309], [RFC4494],
202	   [RFC4543], [RFC4868], [RFC5280], [RFC5652], [RFC5656], [RFC6187],
203	   [RFC6991], [RFC7919], [RFC8268], [RFC8332], [RFC8341], [RFC8422],
204	   [RFC8446], and [ITU.X690.2015].

206	   This module has informational references to [RFC2986], [RFC3174],
207	   [RFC4493], [RFC5915], [RFC6125], [RFC6234], [RFC6239], [RFC6507],
208	   [RFC8017], [RFC8032], and [RFC8439].

210	   file "ietf-crypto-types@2019-06-20.yang"

212	   module ietf-crypto-types {
213	     yang-version 1.1;
214	     namespace "urn:ietf:params:xml:ns:yang:ietf-crypto-types";
215	     prefix ct;

217	     import ietf-yang-types {
218	       prefix yang;
219	       reference
220	         "RFC 6991: Common YANG Data Types";
221	     }

223	     import ietf-netconf-acm {
224	       prefix nacm;
225	       reference
226	         "RFC 8341: Network Configuration Access Control Model";
227	     }

229	     organization
230	       "IETF NETCONF (Network Configuration) Working Group";

232	     contact
233	       "WG Web:
234	        WG List:
235	        Author: Kent Watsen
236	        Author: Wang Haiguang ";

238	     description
239	       "This module defines common YANG types for cryptographic
240	        applications.

242	        Copyright (c) 2019 IETF Trust and the persons identified
243	        as authors of the code. All rights reserved.

245	        Redistribution and use in source and binary forms, with
246	        or without modification, is permitted pursuant to, and
247	        subject to the license terms contained in, the Simplified
248	        BSD License set forth in Section 4.c of the IETF Trust's
249	        Legal Provisions Relating to IETF Documents
250	        (https://trustee.ietf.org/license-info).

252	        This version of this YANG module is part of RFC XXXX
253	        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
254	        itself for full legal notices.

256	        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
257	        'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
258	        'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
259	        are to be interpreted as described in BCP 14 (RFC 2119)
260	        (RFC 8174) when, and only when, they appear in all
261	        capitals, as shown here.";

263	     revision 2019-06-20 {
264	       description
265	         "Initial version";
266	       reference
267	         "RFC XXXX: Common YANG Data Types for Cryptography";
268	     }

270	     /**************************************/
271	     /*   Identities for Hash Algorithms   */
272	     /**************************************/

274	     typedef hash-algorithm-t {
275	       type union {
276	         type uint16;
277	         type enumeration {
278	           enum NONE {
279	             value 0;
280	             description
281	               "Hash algorithm is NULL.";
282	           }
283	           enum sha1 {
284	             value 1;
285	             status obsolete;
286	             description
287	               "The SHA1 algorithm.";
288	             reference
289	               "RFC 3174: US Secure Hash Algorithms 1 (SHA1).";
291	           }
292	           enum sha-224 {
293	             value 2;
294	             description
295	               "The SHA-224 algorithm.";
296	             reference
297	               "RFC 6234: US Secure Hash Algorithms.";
298	           }
299	           enum sha-256 {
300	             value 3;
301	             description
302	               "The SHA-256 algorithm.";
303	             reference
304	               "RFC 6234: US Secure Hash Algorithms.";
305	           }
306	           enum sha-384 {
307	             value 4;
308	             description
309	               "The SHA-384 algorithm.";
310	             reference
311	               "RFC 6234: US Secure Hash Algorithms.";
312	           }
313	           enum sha-512 {
314	             value 5;
315	             description
316	               "The SHA-512 algorithm.";
317	             reference
318	               "RFC 6234: US Secure Hash Algorithms.";
319	           }
320	         }
321	       }
322	       default "0";
323	       description
324	         "The uint16 field shall be set by individual protocol families
325	          according to the hash algorithm value assigned by IANA. The
326	          setting is optional and by default is 0. The enumeration
327	          field is set to the selected hash algorithm.";
328	     }

330	     /***********************************************/
331	     /*   Identities for Asymmetric Key Algorithms   */
332	     /***********************************************/

334	     typedef asymmetric-key-algorithm-t {
335	       type union {
336	         type uint16;
337	         type enumeration {
338	           enum NONE {
339	             value 0;
340	             description
341	               "Asymmetric key algorithm is NULL.";
342	           }
343	           enum rsa1024 {
344	             value 1;
345	             description
346	               "The RSA algorithm using a 1024-bit key.";
347	             reference
348	               "RFC 8017: PKCS #1: RSA Cryptography
349	                Specifications Version 2.2.";
350	           }
351	           enum rsa2048 {
352	             value 2;
353	             description
354	               "The RSA algorithm using a 2048-bit key.";
355	             reference
356	               "RFC 8017:
357	                PKCS #1: RSA Cryptography Specifications Version 2.2.";
358	           }
359	           enum rsa3072 {
360	             value 3;
361	             description
362	               "The RSA algorithm using a 3072-bit key.";
363	             reference
364	               "RFC 8017:
365	                PKCS #1: RSA Cryptography Specifications Version 2.2.";
366	           }
367	           enum rsa4096 {
368	             value 4;
369	             description
370	               "The RSA algorithm using a 4096-bit key.";
371	             reference
372	               "RFC 8017:
373	                PKCS #1: RSA Cryptography Specifications Version 2.2.";
374	           }
375	           enum rsa7680 {
376	             value 5;
377	             description
378	               "The RSA algorithm using a 7680-bit key.";
379	             reference
380	               "RFC 8017:
381	                PKCS #1: RSA Cryptography Specifications Version 2.2.";
382	           }
383	           enum rsa15360 {
384	             value 6;
385	             description
386	               "The RSA algorithm using a 15360-bit key.";
388	             reference
389	               "RFC 8017:
390	                PKCS #1: RSA Cryptography Specifications Version 2.2.";
391	           }
392	           enum secp192r1 {
393	             value 7;
394	             description
395	               "The ECDSA algorithm using a NIST P192 Curve.";
396	             reference
397	               "RFC 6090:
398	                Fundamental Elliptic Curve Cryptography Algorithms.
399	                RFC 5480:
400	                Elliptic Curve Cryptography Subject Public Key
401	                Information.";
402	           }
403	           enum secp224r1 {
404	             value 8;
405	             description
406	               "The ECDSA algorithm using a NIST P224 Curve.";
407	             reference
408	               "RFC 6090:
409	                Fundamental Elliptic Curve Cryptography Algorithms.
410	                RFC 5480:
411	                Elliptic Curve Cryptography Subject Public Key
412	                Information.";
413	           }
414	           enum secp256r1 {
415	             value 9;
416	             description
417	               "The ECDSA algorithm using a NIST P256 Curve.";
418	             reference
419	               "RFC 6090:
420	                Fundamental Elliptic Curve Cryptography Algorithms.
421	                RFC 5480:
422	                Elliptic Curve Cryptography Subject Public Key
423	                Information.";
424	           }
425	           enum secp384r1 {
426	             value 10;
427	             description
428	               "The ECDSA algorithm using a NIST P384 Curve.";
429	             reference
430	               "RFC 6090:
431	                Fundamental Elliptic Curve Cryptography Algorithms.
432	                RFC 5480:
433	                Elliptic Curve Cryptography Subject Public Key
434	                Information.";
435	           }
436	           enum secp521r1 {
437	             value 11;
438	             description
439	               "The ECDSA algorithm using a NIST P521 Curve.";
440	             reference
441	               "RFC 6090:
442	                Fundamental Elliptic Curve Cryptography Algorithms.
443	                RFC 5480:
444	                Elliptic Curve Cryptography Subject Public Key
445	                Information.";
446	           }
447	         }
448	       }
449	       default "0";
450	       description
451	         "The uint16 field shall be set by individual protocol
452	          families according to the asymmetric key algorithm value
453	          assigned by IANA. The setting is optional and by default
454	          is 0. The enumeration field is set to the selected
455	          asymmetric key algorithm.";
456	     }

458	     /*************************************/
459	     /*   Identities for MAC Algorithms   */
460	     /*************************************/

462	     typedef mac-algorithm-t {
463	       type union {
464	         type uint16;
465	         type enumeration {
466	           enum NONE {
467	             value 0;
468	             description
469	               "MAC algorithm is NULL.";
470	           }
471	           enum hmac-sha1 {
472	             value 1;
473	             description
474	               "Generating MAC using SHA1 hash function";
475	             reference
476	               "RFC 3174: US Secure Hash Algorithm 1 (SHA1)";
477	           }
478	           enum hmac-sha1-96 {
479	             value 2;
480	             description
481	               "Generating MAC using SHA1 hash function";
482	             reference
483	               "RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH";
485	           }
486	           enum hmac-sha2-224 {
487	             value 3;
488	             description
489	               "Generating MAC using SHA2 hash function";
490	             reference
491	               "RFC 6234: US Secure Hash Algorithms
492	                (SHA and SHA-based HMAC and HKDF)";
493	           }
494	           enum hmac-sha2-256 {
495	             value 4;
496	             description
497	               "Generating MAC using SHA2 hash function";
498	             reference
499	               "RFC 6234: US Secure Hash Algorithms
500	                (SHA and SHA-based HMAC and HKDF)";
501	           }
502	           enum hmac-sha2-256-128 {
503	             value 5;
504	             description
505	               "Generating a 256 bits MAC using SHA2 hash function and
506	                truncate it to 128 bits";
507	             reference
508	               "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384,
509	                and HMAC-SHA-512 with IPsec";
510	           }
511	           enum hmac-sha2-384 {
512	             value 6;
513	             description
514	               "Generating a 384 bits MAC using SHA2 hash function";
515	             reference
516	               "RFC 6234: US Secure Hash Algorithms
517	                (SHA and SHA-based HMAC and HKDF)";
518	           }
519	           enum hmac-sha2-384-192 {
520	             value 7;
521	             description
522	               "Generating a 384 bits MAC using SHA2 hash function and
523	                truncate it to 192 bits";
524	             reference
525	               "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384,
526	                and HMAC-SHA-512 with IPsec";
527	           }
528	           enum hmac-sha2-512 {
529	             value 8;
530	             description
531	               "Generating a 512 bits MAC using SHA2 hash function";
532	             reference
533	               "RFC 6234: US Secure Hash Algorithms
534	                (SHA and SHA-based HMAC and HKDF)";
535	           }
536	           enum hmac-sha2-512-256 {
537	             value 9;
538	             description
539	               "Generating a 512 bits MAC using SHA2 hash function and
540	                truncate it to 256 bits";
541	             reference
542	               "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384,
543	                and HMAC-SHA-512 with IPsec";
544	           }
545	           enum aes-128-gmac {
546	             value 10;
547	             description
548	               "Generating 128-bit MAC using the Advanced Encryption
549	                Standard (AES) Galois Message Authentication Code
550	                (GMAC) as a mechanism to provide data origin
551	                authentication.";
552	             reference
553	               "RFC 4543:
554	                The Use of Galois Message Authentication Code (GMAC)
555	                in IPsec ESP and AH";
556	           }
557	           enum aes-192-gmac {
558	             value 11;
559	             description
560	               "Generating 192-bit MAC using the Advanced Encryption
561	                Standard (AES) Galois Message Authentication Code
562	                (GMAC) as a mechanism to provide data origin
563	                authentication.";
564	             reference
565	               "RFC 4543:
566	                The Use of Galois Message Authentication Code (GMAC)
567	                in IPsec ESP and AH";
568	           }
569	           enum aes-256-gmac {
570	             value 12;
571	             description
572	               "Generating 256-bit MAC using the Advanced Encryption
573	                Standard (AES) Galois Message Authentication Code
574	                (GMAC) as a mechanism to provide data origin
575	                authentication.";
576	             reference
577	               "RFC 4543:
578	                The Use of Galois Message Authentication Code (GMAC)
579	                in IPsec ESP and AH";
580	           }
581	           enum aes-cmac-96 {
582	             value 13;
583	             description
584	               "Generating 96-bit MAC using Advanced Encryption
585	                Standard (AES) Cipher-based Message Authentication
586	                Code (CMAC)";
587	             reference
588	               "RFC 4494:
589	                The AES-CMAC Algorithm and its Use with IPsec";
590	           }
591	           enum aes-cmac-128 {
592	             value 14;
593	             description
594	               "Generating 128-bit MAC using Advanced Encryption
595	                Standard (AES) Cipher-based Message Authentication
596	                Code (CMAC)";
597	             reference
598	               "RFC 4494:
599	                The AES-CMAC Algorithm and its Use with IPsec";
600	           }
601	         }
602	       }
603	       default "0";
604	       description
605	         "The uint16 field shall be set by individual protocol
606	          families according to the mac algorithm value assigned by
607	          IANA. The setting is optional and by default is 0. The
608	          enumeration field is set to the selected mac algorithm.";
609	     }

611	     /********************************************/
612	     /*   Identities for Encryption Algorithms   */
613	     /********************************************/

615	     typedef encryption-algorithm-t {
616	       type union {
617	         type uint16;
618	         type enumeration {
619	           enum NONE {
620	             value 0;
621	             description
622	               "Encryption algorithm is NULL.";
623	           }
624	           enum aes-128-cbc {
625	             value 1;
626	             description
627	               "Encrypt message with AES algorithm in CBC mode with
628	                a key length of 128 bits.";
630	             reference
631	               "RFC 3565: Use of the Advanced Encryption Standard (AES)
632	                Encryption Algorithm in Cryptographic Message Syntax
633	                (CMS)";
634	           }
635	           enum aes-192-cbc {
636	             value 2;
637	             description
638	               "Encrypt message with AES algorithm in CBC mode with
639	                a key length of 192 bits";
640	             reference
641	               "RFC 3565: Use of the Advanced Encryption Standard (AES)
642	                Encryption Algorithm in Cryptographic Message Syntax
643	                (CMS)";
644	           }
645	           enum aes-256-cbc {
646	             value 3;
647	             description
648	               "Encrypt message with AES algorithm in CBC mode with
649	                a key length of 256 bits";
650	             reference
651	               "RFC 3565: Use of the Advanced Encryption Standard (AES)
652	                Encryption Algorithm in Cryptographic Message Syntax
653	                (CMS)";
654	           }
655	           enum aes-128-ctr {
656	             value 4;
657	             description
658	               "Encrypt message with AES algorithm in CTR mode with
659	                a key length of 128 bits";
660	             reference
661	               "RFC 3686:
662	                Using Advanced Encryption Standard (AES) Counter
663	                Mode with IPsec Encapsulating Security Payload
664	                (ESP)";
665	           }
666	           enum aes-192-ctr {
667	             value 5;
668	             description
669	               "Encrypt message with AES algorithm in CTR mode with
670	                a key length of 192 bits";
671	             reference
672	               "RFC 3686:
673	                Using Advanced Encryption Standard (AES) Counter
674	                Mode with IPsec Encapsulating Security Payload
675	                (ESP)";
676	           }
677	           enum aes-256-ctr {
678	             value 6;
679	             description
680	               "Encrypt message with AES algorithm in CTR mode with
681	                a key length of 256 bits";
682	             reference
683	               "RFC 3686:
684	                Using Advanced Encryption Standard (AES) Counter
685	                Mode with IPsec Encapsulating Security Payload
686	                (ESP)";
687	           }
688	         }
689	       }
690	       default "0";
691	       description
692	         "The uint16 field shall be set by individual protocol
693	          families according to the encryption algorithm value
694	          assigned by IANA. The setting is optional and by default
695	          is 0. The enumeration field is set to the selected
696	          encryption algorithm.";
697	     }

699	     /****************************************************/
700	     /*   Identities for Encryption and MAC Algorithms   */
701	     /****************************************************/

703	     typedef encryption-and-mac-algorithm-t {
704	       type union {
705	         type uint16;
706	         type enumeration {
707	           enum NONE {
708	             value 0;
709	             description
710	               "Encryption and MAC algorithm is NULL.";
711	             reference
712	               "None";
713	           }
714	           enum aes-128-ccm {
715	             value 1;
716	             description
717	               "Encrypt message with AES algorithm in CCM
718	                mode with a key length of 128 bits; it can
719	                also be used for generating MAC";
720	             reference
721	               "RFC 4309: Using Advanced Encryption Standard
722	                (AES) CCM Mode with IPsec Encapsulating Security
723	                Payload (ESP)";
724	           }
725	           enum aes-192-ccm {
726	             value 2;
727	             description
728	               "Encrypt message with AES algorithm in CCM
729	                mode with a key length of 192 bits; it can
730	                also be used for generating MAC";
731	             reference
732	               "RFC 4309: Using Advanced Encryption Standard
733	                (AES) CCM Mode with IPsec Encapsulating Security
734	                Payload (ESP)";
735	           }
736	           enum aes-256-ccm {
737	             value 3;
738	             description
739	               "Encrypt message with AES algorithm in CCM
740	                mode with a key length of 256 bits; it can
741	                also be used for generating MAC";
742	             reference
743	               "RFC 4309: Using Advanced Encryption Standard
744	                (AES) CCM Mode with IPsec Encapsulating Security
745	                Payload (ESP)";
746	           }
747	           enum aes-128-gcm {
748	             value 4;
749	             description
750	               "Encrypt message with AES algorithm in GCM
751	                mode with a key length of 128 bits; it can
752	                also be used for generating MAC";
753	             reference
754	               "RFC 4106: The Use of Galois/Counter Mode (GCM)
755	                in IPsec Encapsulating Security Payload (ESP)";
756	           }
757	           enum aes-192-gcm {
758	             value 5;
759	             description
760	               "Encrypt message with AES algorithm in GCM
761	                mode with a key length of 192 bits; it can
762	                also be used for generating MAC";
763	             reference
764	               "RFC 4106: The Use of Galois/Counter Mode (GCM)
765	                in IPsec Encapsulating Security Payload (ESP)";
766	           }
767	           enum aes-256-gcm {
768	             value 6;
769	             description
770	               "Encrypt message with AES algorithm in GCM
771	                mode with a key length of 256 bits; it can
772	                also be used for generating MAC";
773	             reference
774	               "RFC 4106: The Use of Galois/Counter Mode (GCM)
775	                in IPsec Encapsulating Security Payload (ESP)";
776	           }
777	           enum chacha20-poly1305 {
778	             value 7;
779	             description
780	               "Encrypt message with chacha20 algorithm and generate
781	                MAC with POLY1305; it can also be used for generating
782	                MAC";
783	             reference
784	               "RFC 8439: ChaCha20 and Poly1305 for IETF Protocols";
785	           }
786	         }
787	       }
788	       default "0";
789	       description
790	         "The uint16 field shall be set by individual protocol
791	          families according to the encryption and mac algorithm value
792	          assigned by IANA. The setting is optional and by default is
793	          0. The enumeration field is set to the selected encryption
794	          and mac algorithm.";
795	     }

797	     /******************************************/
798	     /*   Identities for signature algorithm   */
799	     /******************************************/

801	     typedef signature-algorithm-t {
802	       type union {
803	         type uint16;
804	         type enumeration {
805	           enum NONE {
806	             value 0;
807	             description
808	               "Signature algorithm is NULL";
809	           }
810	           enum dsa-sha1 {
811	             value 1;
812	             description
813	               "The signature algorithm using DSA algorithm with SHA1
814	                hash algorithm";
815	             reference
816	               "RFC 4253:
817	                The Secure Shell (SSH) Transport Layer Protocol";
818	           }
819	           enum rsassa-pkcs1-sha1 {
820	             value 2;
821	             description
822	               "The signature algorithm using RSASSA-PKCS1-v1_5 with
823	                the SHA1 hash algorithm.";
824	             reference
825	               "RFC 4253:
826	                The Secure Shell (SSH) Transport Layer Protocol";
827	           }
828	           enum rsassa-pkcs1-sha256 {
829	             value 3;
830	             description
831	               "The signature algorithm using RSASSA-PKCS1-v1_5 with
832	                the SHA256 hash algorithm.";
833	             reference
834	               "RFC 8332:
835	                Use of RSA Keys with SHA-256 and SHA-512 in the
836	                Secure Shell (SSH) Protocol
837	                RFC 8446:
838	                The Transport Layer Security (TLS) Protocol
839	                Version 1.3";
840	           }
841	           enum rsassa-pkcs1-sha384 {
842	             value 4;
843	             description
844	               "The signature algorithm using RSASSA-PKCS1-v1_5 with
845	                the SHA384 hash algorithm.";
846	             reference
847	               "RFC 8446:
848	                The Transport Layer Security (TLS) Protocol
849	                Version 1.3";
850	           }
851	           enum rsassa-pkcs1-sha512 {
852	             value 5;
853	             description
854	               "The signature algorithm using RSASSA-PKCS1-v1_5 with
855	                the SHA512 hash algorithm.";
856	             reference
857	               "RFC 8332:
858	                Use of RSA Keys with SHA-256 and SHA-512 in the
859	                Secure Shell (SSH) Protocol
860	                RFC 8446:
861	                The Transport Layer Security (TLS) Protocol
862	                Version 1.3";
863	           }
864	           enum rsassa-pss-rsae-sha256 {
865	             value 6;
866	             description
867	               "The signature algorithm using RSASSA-PSS with mask
868	                generation function 1 and SHA256 hash algorithm. If
869	                the public key is carried in an X.509 certificate,
870	                it MUST use the rsaEncryption OID";
871	             reference
872	               "RFC 8446:
873	                The Transport Layer Security (TLS) Protocol
874	                Version 1.3";
875	           }
876	           enum rsassa-pss-rsae-sha384 {
877	             value 7;
878	             description
879	               "The signature algorithm using RSASSA-PSS with mask
880	                generation function 1 and SHA384 hash algorithm. If
881	                the public key is carried in an X.509 certificate,
882	                it MUST use the rsaEncryption OID";
883	             reference
884	               "RFC 8446:
885	                The Transport Layer Security (TLS) Protocol
886	                Version 1.3";
887	           }
888	           enum rsassa-pss-rsae-sha512 {
889	             value 8;
890	             description
891	               "The signature algorithm using RSASSA-PSS with mask
892	                generation function 1 and SHA512 hash algorithm. If
893	                the public key is carried in an X.509 certificate,
894	                it MUST use the rsaEncryption OID";
895	             reference
896	               "RFC 8446:
897	                The Transport Layer Security (TLS) Protocol
898	                Version 1.3";
899	           }
900	           enum rsassa-pss-pss-sha256 {
901	             value 9;
902	             description
903	               "The signature algorithm using RSASSA-PSS with mask
904	                generation function 1 and SHA256 hash algorithm. If
905	                the public key is carried in an X.509 certificate,
906	                it MUST use the rsaEncryption OID";
907	             reference
908	               "RFC 8446:
909	                The Transport Layer Security (TLS) Protocol
910	                Version 1.3";
911	           }
912	           enum rsassa-pss-pss-sha384 {
913	             value 10;
914	             description
915	               "The signature algorithm using RSASSA-PSS with mask
916	                generation function 1 and SHA384 hash algorithm. If
917	                the public key is carried in an X.509 certificate,
918	                it MUST use the rsaEncryption OID";
919	             reference
920	               "RFC 8446:
921	                The Transport Layer Security (TLS) Protocol
922	                Version 1.3";
923	           }
924	           enum rsassa-pss-pss-sha512 {
925	             value 11;
926	             description
927	               "The signature algorithm using RSASSA-PSS with mask
928	                generation function 1 and SHA512 hash algorithm. If
929	                the public key is carried in an X.509 certificate,
930	                it MUST use the rsaEncryption OID";
931	             reference
932	               "RFC 8446:
933	                The Transport Layer Security (TLS) Protocol
934	                Version 1.3";
935	           }
936	           enum ecdsa-secp256r1-sha256 {
937	             value 12;
938	             description
939	               "The signature algorithm using ECDSA with curve name
940	                secp256r1 and SHA256 hash algorithm.";
941	             reference
942	               "RFC 5656:
943	                Elliptic Curve Algorithm Integration in the Secure
944	                Shell Transport Layer
945	                RFC 8446:
946	                The Transport Layer Security (TLS) Protocol
947	                Version 1.3";
948	           }
949	           enum ecdsa-secp384r1-sha384 {
950	             value 13;
951	             description
952	               "The signature algorithm using ECDSA with curve name
953	                secp384r1 and SHA384 hash algorithm.";
954	             reference
955	               "RFC 5656:
956	                Elliptic Curve Algorithm Integration in the Secure
957	                Shell Transport Layer
958	                RFC 8446:
959	                The Transport Layer Security (TLS) Protocol
960	                Version 1.3";
961	           }
962	           enum ecdsa-secp521r1-sha512 {
963	             value 14;
964	             description
965	               "The signature algorithm using ECDSA with curve name
966	                secp521r1 and SHA512 hash algorithm.";
967	             reference
968	               "RFC 5656:
969	                Elliptic Curve Algorithm Integration in the Secure
970	                Shell Transport Layer
971	                RFC 8446:
972	                The Transport Layer Security (TLS) Protocol
973	                Version 1.3";
974	           }
975	           enum ed25519 {
976	             value 15;
977	             description
978	               "The signature algorithm using EdDSA as defined in
979	                RFC 8032 or its successors.";
980	             reference
981	               "RFC 8032:
982	                Edwards-Curve Digital Signature Algorithm (EdDSA)";
983	           }
984	           enum ed448 {
985	             value 16;
986	             description
987	               "The signature algorithm using EdDSA as defined in
988	                RFC 8032 or its successors.";
989	             reference
990	               "RFC 8032:
991	                Edwards-Curve Digital Signature Algorithm (EdDSA)";
992	           }
993	           enum eccsi {
994	             value 17;
995	             description
996	               "The signature algorithm using ECCSI signature as
997	                defined in RFC 6507.";
998	             reference
999	               "RFC 6507:
1000	                Elliptic Curve-Based Certificateless Signatures
1001	                for Identity-based Encryption (ECCSI)";
1002	           }
1003        }
1004      }
1005      default "0";
1006      description
1007        "The uint16 field shall be set by individual protocol
1008         families according to the signature algorithm value
1009         assigned by IANA. The setting is optional and by default
1010         is 0. The enumeration field is set to the selected
1011         signature algorithm.";
1012    }
1013    /**********************************************/
1014    /*   Identities for key exchange algorithms   */
1015    /**********************************************/

1017    typedef key-exchange-algorithm-t {
1018      type union {
1019        type uint16;
1020        type enumeration {
1021          enum NONE {
1022            value 0;
1023            description
1024              "Key exchange algorithm is NULL.";
1025          }
1026          enum psk-only {
1027            value 1;
1028            description
1029              "Using Pre-shared key for authentication and key
1030               exchange";
1031            reference
1032              "RFC 4279:
1033                 Pre-Shared Key cipher suites for Transport Layer
1034                 Security (TLS)";
1035          }
1036          enum dhe-ffdhe2048 {
1037            value 2;
1038            description
1039              "Ephemeral Diffie Hellman key exchange with 2048 bit
1040               finite field";
1041            reference
1042              "RFC 7919:
1043                 Negotiated Finite Field Diffie-Hellman Ephemeral
1044                 Parameters for Transport Layer Security (TLS)";
1045          }
1046          enum dhe-ffdhe3072 {
1047            value 3;
1048            description
1049              "Ephemeral Diffie Hellman key exchange with 3072 bit
1050               finite field";
1051            reference
1052              "RFC 7919:
1053                 Negotiated Finite Field Diffie-Hellman Ephemeral
1054                 Parameters for Transport Layer Security (TLS)";
1055          }
1056          enum dhe-ffdhe4096 {
1057            value 4;
1058            description
1059              "Ephemeral Diffie Hellman key exchange with 4096 bit
1060               finite field";
1062            reference
1063              "RFC 7919:
1064                 Negotiated Finite Field Diffie-Hellman Ephemeral
1065                 Parameters for Transport Layer Security (TLS)";
1066          }
1067          enum dhe-ffdhe6144 {
1068            value 5;
1069            description
1070              "Ephemeral Diffie Hellman key exchange with 6144 bit
1071               finite field";
1072            reference
1073              "RFC 7919:
1074                 Negotiated Finite Field Diffie-Hellman Ephemeral
1075                 Parameters for Transport Layer Security (TLS)";
1076          }
1077          enum dhe-ffdhe8192 {
1078            value 6;
1079            description
1080              "Ephemeral Diffie Hellman key exchange with 8192 bit
1081               finite field";
1082            reference
1083              "RFC 7919:
1084                 Negotiated Finite Field Diffie-Hellman Ephemeral
1085                 Parameters for Transport Layer Security (TLS)";
1086          }
1087          enum psk-dhe-ffdhe2048 {
1088            value 7;
1089            description
1090              "Key exchange using pre-shared key with Diffie-Hellman
1091               key generation mechanism, where the DH group is
1092               FFDHE2048";
1093            reference
1094              "RFC 8446:
1095                 The Transport Layer Security (TLS) Protocol
1096                 Version 1.3";
1097          }
1098          enum psk-dhe-ffdhe3072 {
1099            value 8;
1100            description
1101              "Key exchange using pre-shared key with Diffie-Hellman
1102               key generation mechanism, where the DH group is
1103               FFDHE3072";
1104            reference
1105              "RFC 8446:
1106                 The Transport Layer Security (TLS) Protocol
1107                 Version 1.3";
1108          }
1109          enum psk-dhe-ffdhe4096 {
1110            value 9;
1111            description
1112              "Key exchange using pre-shared key with Diffie-Hellman
1113               key generation mechanism, where the DH group is
1114               FFDHE4096";
1115            reference
1116              "RFC 8446:
1117                 The Transport Layer Security (TLS) Protocol
1118                 Version 1.3";
1119          }
1120          enum psk-dhe-ffdhe6144 {
1121            value 10;
1122            description
1123              "Key exchange using pre-shared key with Diffie-Hellman
1124               key generation mechanism, where the DH group is
1125               FFDHE6144";
1126            reference
1127              "RFC 8446:
1128                 The Transport Layer Security (TLS) Protocol
1129                 Version 1.3";
1130          }
1131          enum psk-dhe-ffdhe8192 {
1132            value 11;
1133            description
1134              "Key exchange using pre-shared key with Diffie-Hellman
1135               key generation mechanism, where the DH group is
1136               FFDHE8192";
1137            reference
1138              "RFC 8446:
1139                 The Transport Layer Security (TLS) Protocol
1140                 Version 1.3";
1141          }
1142          enum ecdhe-secp256r1 {
1143            value 12;
1144            description
1145              "Ephemeral Diffie Hellman key exchange with elliptic
1146               group over curve secp256r1";
1147            reference
1148              "RFC 8422:
1149                 Elliptic Curve Cryptography (ECC) Cipher Suites
1150                 for Transport Layer Security (TLS) Versions 1.2
1151                 and Earlier";
1152          }
1153          enum ecdhe-secp384r1 {
1154            value 13;
1155            description
1156              "Ephemeral Diffie Hellman key exchange with elliptic
1157               group over curve secp384r1";
1159            reference
1160              "RFC 8422:
1161                 Elliptic Curve Cryptography (ECC) Cipher Suites
1162                 for Transport Layer Security (TLS) Versions 1.2
1163                 and Earlier";
1164          }
1165          enum ecdhe-secp521r1 {
1166            value 14;
1167            description
1168              "Ephemeral Diffie Hellman key exchange with elliptic
1169               group over curve secp521r1";
1170            reference
1171              "RFC 8422:
1172                 Elliptic Curve Cryptography (ECC) Cipher Suites
1173                 for Transport Layer Security (TLS) Versions 1.2
1174                 and Earlier";
1175          }
1176          enum ecdhe-x25519 {
1177            value 15;
1178            description
1179              "Ephemeral Diffie Hellman key exchange with elliptic
1180               group over curve x25519";
1181            reference
1182              "RFC 8422:
1183                 Elliptic Curve Cryptography (ECC) Cipher Suites
1184                 for Transport Layer Security (TLS) Versions 1.2
1185                 and Earlier";
1186          }
1187          enum ecdhe-x448 {
1188            value 16;
1189            description
1190              "Ephemeral Diffie Hellman key exchange with elliptic
1191               group over curve x448";
1192            reference
1193              "RFC 8422:
1194                 Elliptic Curve Cryptography (ECC) Cipher Suites
1195                 for Transport Layer Security (TLS) Versions 1.2
1196                 and Earlier";
1197          }
1198          enum psk-ecdhe-secp256r1 {
1199            value 17;
1200            description
1201              "Key exchange using pre-shared key with elliptic
1202               group-based Ephemeral Diffie Hellman key exchange
1203               over curve secp256r1";
1204            reference
1205              "RFC 8446:
1206                 The Transport Layer Security (TLS) Protocol
1207                 Version 1.3";
1208          }
1209          enum psk-ecdhe-secp384r1 {
1210            value 18;
1211            description
1212              "Key exchange using pre-shared key with elliptic
1213               group-based Ephemeral Diffie Hellman key exchange
1214               over curve secp384r1";
1215            reference
1216              "RFC 8446:
1217                 The Transport Layer Security (TLS) Protocol
1218                 Version 1.3";
1219          }
1220          enum psk-ecdhe-secp521r1 {
1221            value 19;
1222            description
1223              "Key exchange using pre-shared key with elliptic
1224               group-based Ephemeral Diffie Hellman key exchange
1225               over curve secp521r1";
1226            reference
1227              "RFC 8446:
1228                 The Transport Layer Security (TLS) Protocol
1229                 Version 1.3";
1230          }
1231          enum psk-ecdhe-x25519 {
1232            value 20;
1233            description
1234              "Key exchange using pre-shared key with elliptic
1235               group-based Ephemeral Diffie Hellman key exchange
1236               over curve x25519";
1237            reference
1238              "RFC 8446:
1239                 The Transport Layer Security (TLS) Protocol
1240                 Version 1.3";
1241          }
1242          enum psk-ecdhe-x448 {
1243            value 21;
1244            description
1245              "Key exchange using pre-shared key with elliptic
1246               group-based Ephemeral Diffie Hellman key exchange
1247               over curve x448";
1248            reference
1249              "RFC 8446:
1250                 The Transport Layer Security (TLS) Protocol
1251                 Version 1.3";
1252          }
1253          enum diffie-hellman-group14-sha1 {
1254            value 22;
1255            description
1256              "Using DH group14 and SHA1 for key exchange";
1257            reference
1258              "RFC 4253:
1259                 The Secure Shell (SSH) Transport Layer Protocol";
1260          }
1261          enum diffie-hellman-group14-sha256 {
1262            value 23;
1263            description
1264              "Using DH group14 and SHA-256 for key exchange";
1265            reference
1266              "RFC 8268:
1267                 More Modular Exponentiation (MODP) Diffie-Hellman (DH)
1268                 Key Exchange (KEX) Groups for Secure Shell (SSH)";
1269          }
1270          enum diffie-hellman-group15-sha512 {
1271            value 24;
1272            description
1273              "Using DH group15 and SHA-512 for key exchange";
1274            reference
1275              "RFC 8268:
1276                 More Modular Exponentiation (MODP) Diffie-Hellman (DH)
1277                 Key Exchange (KEX) Groups for Secure Shell (SSH)";
1278          }
1279          enum diffie-hellman-group16-sha512 {
1280            value 25;
1281            description
1282              "Using DH group16 and SHA-512 for key exchange";
1283            reference
1284              "RFC 8268:
1285                 More Modular Exponentiation (MODP) Diffie-Hellman (DH)
1286                 Key Exchange (KEX) Groups for Secure Shell (SSH)";
1287          }
1288          enum diffie-hellman-group17-sha512 {
1289            value 26;
1290            description
1291              "Using DH group17 and SHA-512 for key exchange";
1292            reference
1293              "RFC 8268:
1294                 More Modular Exponentiation (MODP) Diffie-Hellman (DH)
1295                 Key Exchange (KEX) Groups for Secure Shell (SSH)";
1296          }
1297          enum diffie-hellman-group18-sha512 {
1298            value 27;
1299            description
1300              "Using DH group18 and SHA-512 for key exchange";
1301            reference
1302              "RFC 8268:
1304                 More Modular Exponentiation (MODP) Diffie-Hellman (DH)
1305                 Key Exchange (KEX) Groups for Secure Shell (SSH)";
1306          }
1307          enum ecdh-sha2-secp256r1 {
1308            value 28;
1309            description
1310              "Elliptic curve-based Diffie Hellman key exchange over
1311               curve secp256r1 and using SHA2 for MAC generation";
1312            reference
1313              "RFC 6239:
1314                 Suite B Cryptographic Suites for Secure Shell (SSH)";
1315          }
1316          enum ecdh-sha2-secp384r1 {
1317            value 29;
1318            description
1319              "Elliptic curve-based Diffie Hellman key exchange over
1320               curve secp384r1 and using SHA2 for MAC generation";
1321            reference
1322              "RFC 6239:
1323                 Suite B Cryptographic Suites for Secure Shell (SSH)";
1324          }
1325          enum rsaes-oaep {
1326            value 30;
1327            description
1328              "RSAES-OAEP combines the RSAEP and RSADP primitives with
1329               the EME-OAEP encoding method";
1330            reference
1331              "RFC 8017:
1332                 PKCS #1:
1333                   RSA Cryptography Specifications Version 2.2.";
1334          }
1335          enum rsaes-pkcs1-v1_5 {
1336            value 31;
1337            description
1338              "RSAES-PKCS1-v1_5 combines the RSAEP and RSADP
1339               primitives with the EME-PKCS1-v1_5 encoding method";
1340            reference
1341              "RFC 8017:
1342                 PKCS #1:
1343                   RSA Cryptography Specifications Version 2.2.";
1344          }
1345        }
1346      }
1347      default "0";
1348      description
1349        "The uint16 field shall be set by individual protocol
1350         families according to the key exchange algorithm value
1351         assigned by IANA. The setting is optional and by default
1352         is 0. The enumeration field is set to the selected key
1353         exchange algorithm.";
1354    }

1356    /***************************************************/
1357    /*   Typedefs for ASN.1 structures from RFC 5280   */
1358    /***************************************************/

1360    typedef x509 {
1361      type binary;
1362      description
1363        "A Certificate structure, as specified in RFC 5280,
1364         encoded using ASN.1 distinguished encoding rules (DER),
1365         as specified in ITU-T X.690.";
1366      reference
1367        "RFC 5280:
1368           Internet X.509 Public Key Infrastructure Certificate
1369           and Certificate Revocation List (CRL) Profile
1370         ITU-T X.690:
1371           Information technology - ASN.1 encoding rules:
1372           Specification of Basic Encoding Rules (BER),
1373           Canonical Encoding Rules (CER) and Distinguished
1374           Encoding Rules (DER).";
1375    }

1377    typedef crl {
1378      type binary;
1379      description
1380        "A CertificateList structure, as specified in RFC 5280,
1381         encoded using ASN.1 distinguished encoding rules (DER),
1382         as specified in ITU-T X.690.";
1383      reference
1384        "RFC 5280:
1385           Internet X.509 Public Key Infrastructure Certificate
1386           and Certificate Revocation List (CRL) Profile
1387         ITU-T X.690:
1388           Information technology - ASN.1 encoding rules:
1389           Specification of Basic Encoding Rules (BER),
1390           Canonical Encoding Rules (CER) and Distinguished
1391           Encoding Rules (DER).";
1392    }

1394    /***********************************************/
1395    /*   Typedefs for ASN.1 structures from RFC 5652   */
1396    /***********************************************/

1398    typedef cms {
1399      type binary;
1400      description
1401        "A ContentInfo structure, as specified in RFC 5652,
1402         encoded using ASN.1 distinguished encoding rules (DER),
1403         as specified in ITU-T X.690.";
1404      reference
1405        "RFC 5652:
1406           Cryptographic Message Syntax (CMS)
1407         ITU-T X.690:
1408           Information technology - ASN.1 encoding rules:
1409           Specification of Basic Encoding Rules (BER),
1410           Canonical Encoding Rules (CER) and Distinguished
1411           Encoding Rules (DER).";
1412    }

1414    typedef data-content-cms {
1415      type cms;
1416      description
1417        "A CMS structure whose top-most content type MUST be the
1418         data content type, as described by Section 4 in RFC 5652.";
1419      reference
1420        "RFC 5652: Cryptographic Message Syntax (CMS)";
1421    }

1423    typedef signed-data-cms {
1424      type cms;
1425      description
1426        "A CMS structure whose top-most content type MUST be the
1427         signed-data content type, as described by Section 5 in
1428         RFC 5652.";
1429      reference
1430        "RFC 5652: Cryptographic Message Syntax (CMS)";
1431    }

1433    typedef enveloped-data-cms {
1434      type cms;
1435      description
1436        "A CMS structure whose top-most content type MUST be the
1437         enveloped-data content type, as described by Section 6
1438         in RFC 5652.";
1439      reference
1440        "RFC 5652: Cryptographic Message Syntax (CMS)";
1441    }

1443    typedef digested-data-cms {
1444      type cms;
1445      description
1446        "A CMS structure whose top-most content type MUST be the
1447         digested-data content type, as described by Section 7
1448         in RFC 5652.";
1449      reference
1450        "RFC 5652: Cryptographic Message Syntax (CMS)";
1451    }

1453    typedef encrypted-data-cms {
1454      type cms;
1455      description
1456        "A CMS structure whose top-most content type MUST be the
1457         encrypted-data content type, as described by Section 8
1458         in RFC 5652.";
1459      reference
1460        "RFC 5652: Cryptographic Message Syntax (CMS)";
1461    }

1463    typedef authenticated-data-cms {
1464      type cms;
1465      description
1466        "A CMS structure whose top-most content type MUST be the
1467         authenticated-data content type, as described by Section 9
1468         in RFC 5652.";
1469      reference
1470        "RFC 5652: Cryptographic Message Syntax (CMS)";
1471    }

1473    /***************************************************/
1474    /*   Typedefs for structures related to RFC 4253   */
1475    /***************************************************/

1477    typedef ssh-host-key {
1478      type binary;
1479      description
1480        "The binary public key data for this SSH key, as
1481         specified by RFC 4253, Section 6.6, i.e.:

1483           string    certificate or public key format
1484                     identifier
1485           byte[n]   key/certificate data.";
1486      reference
1487        "RFC 4253: The Secure Shell (SSH) Transport Layer
1488                   Protocol";
1489    }

1491    /*********************************************************/
1492    /*   Typedefs for ASN.1 structures related to RFC 5280   */
1493    /*********************************************************/

1495    typedef trust-anchor-cert-x509 {
1496      type x509;
1497      description
1498        "A Certificate structure that MUST encode a self-signed
1499         root certificate.";
1500    }

1502    typedef end-entity-cert-x509 {
1503      type x509;
1504      description
1505        "A Certificate structure that MUST encode a certificate
1506         that is neither self-signed nor having Basic constraint
1507         CA true.";
1508    }

1510    /*********************************************************/
1511    /*   Typedefs for ASN.1 structures related to RFC 5652   */
1512    /*********************************************************/

1514    typedef trust-anchor-cert-cms {
1515      type signed-data-cms;
1516      description
1517        "A CMS SignedData structure that MUST contain the chain of
1518         X.509 certificates needed to authenticate the certificate
1519         presented by a client or end-entity.

1521         The CMS MUST contain only a single chain of certificates.
1522         The client or end-entity certificate MUST only authenticate
1523         to the last intermediate CA certificate listed in the chain.

1525         In all cases, the chain MUST include a self-signed root
1526         certificate. In the case where the root certificate is
1527         itself the issuer of the client or end-entity certificate,
1528         only one certificate is present.

1530         This CMS structure MAY (as applicable where this type is
1531         used) also contain suitably fresh (as defined by local
1532         policy) revocation objects with which the device can
1533         verify the revocation status of the certificates.

1535         This CMS encodes the degenerate form of the SignedData
1536         structure that is commonly used to disseminate X.509
1537         certificates and revocation objects (RFC 5280).";
1538      reference
1539        "RFC 5280:
1540           Internet X.509 Public Key Infrastructure Certificate
1541           and Certificate Revocation List (CRL) Profile.";
1542    }
1543    typedef end-entity-cert-cms {
1544      type signed-data-cms;
1545      description
1546        "A CMS SignedData structure that MUST contain the end
1547         entity certificate itself, and MAY contain any number
1548         of intermediate certificates leading up to a trust
1549         anchor certificate. The trust anchor certificate
1550         MAY be included as well.

1552         The CMS MUST contain a single end entity certificate.
1553         The CMS MUST NOT contain any spurious certificates.

1555         This CMS structure MAY (as applicable where this type is
1556         used) also contain suitably fresh (as defined by local
1557         policy) revocation objects with which the device can
1558         verify the revocation status of the certificates.

1560         This CMS encodes the degenerate form of the SignedData
1561         structure that is commonly used to disseminate X.509
1562         certificates and revocation objects (RFC 5280).";
1563      reference
1564        "RFC 5280:
1565           Internet X.509 Public Key Infrastructure Certificate
1566           and Certificate Revocation List (CRL) Profile.";
1567    }

1569    /**********************************************/
1570    /*   Groupings for keys and/or certificates   */
1571    /**********************************************/

1573    grouping symmetric-key-grouping {
1574      description
1575        "A symmetric key and algorithm.";
1576      leaf algorithm {
1577        type encryption-algorithm-t;
1578        mandatory true;
1579        description
1580          "The algorithm to be used when generating the key.";
1581        reference
1582          "RFC CCCC: Common YANG Data Types for Cryptography";
1583      }
1584      choice key-type {
1585        mandatory true;
1586        description
1587          "Choice between key types.";
1588        leaf key {
1589          nacm:default-deny-all;
1590          type binary;
1591          description
1592            "The binary value of the key. The interpretation of
1593             the value is defined by 'algorithm'. For example,
1594             FIXME.";
1595          reference
1596            "RFC XXXX: FIXME";
1597        }
1598        leaf hidden-key {
1599          nacm:default-deny-write;
1600          type empty;
1601          description
1602            "A permanently hidden key. How such keys are created
1603             is outside the scope of this module.";
1604        }
1605      }
1606    }

1608    grouping public-key-grouping {
1609      description
1610        "A public key and its associated algorithm.";
1611      leaf algorithm {
1612        nacm:default-deny-write;
1613        type asymmetric-key-algorithm-t;
1614        mandatory true;
1615        description
1616          "Identifies the key's algorithm.";
1617        reference
1618          "RFC CCCC: Common YANG Data Types for Cryptography";
1619      }
1620      leaf public-key {
1621        nacm:default-deny-write;
1622        type binary;
1623        mandatory true;
1624        description
1625          "The binary value of the public key. The interpretation
1626           of the value is defined by 'algorithm'. For example,
1627           a DSA key is an integer, an RSA key is represented as
1628           RSAPublicKey per RFC 8017, and an ECC key is represented
1629           using the 'publicKey' described in RFC 5915.";
1630        reference
1631          "RFC 8017: Public-Key Cryptography Standards (PKCS) #1:
1632                     RSA Cryptography Specifications Version 2.2.
1633           RFC 5915: Elliptic Curve Private Key Structure.";
1634      }
1635    }

1637    grouping asymmetric-key-pair-grouping {
1638      description
1639        "A private key and its associated public key and algorithm.";
1640      uses public-key-grouping;
1641      choice private-key-type {
1642        mandatory true;
1643        description
1644          "Choice between key types.";
1645        leaf private-key {
1646          nacm:default-deny-all;
1647          type binary;
1648          description
1649            "The value of the binary key. The key's value is
1650             interpreted by the 'algorithm'. For example, a DSA key
1651             is an integer, an RSA key is represented as RSAPrivateKey
1652             as defined in RFC 8017, and an ECC key is represented as
1653             ECPrivateKey as defined in RFC 5915.";
1654          reference
1655            "RFC 8017: Public-Key Cryptography Standards (PKCS) #1:
1656                       RSA Cryptography Specifications Version 2.2.
1657             RFC 5915: Elliptic Curve Private Key Structure.";
1658        }
1659        leaf hidden-private-key {
1660          nacm:default-deny-write;
1661          type empty;
1662          description
1663            "A permanently hidden key. How such keys are created
1664             is outside the scope of this module.";
1665        }
1666      }
1667    }

1669    grouping trust-anchor-cert-grouping {
1670      description
1671        "A trust anchor certificate, and a notification for when
1672         it is about to (or already has) expire.";
1673      leaf cert {
1674        nacm:default-deny-write;
1675        type trust-anchor-cert-cms;
1676        description
1677          "The binary certificate data for this certificate.";
1678        reference
1679          "RFC YYYY: Common YANG Data Types for Cryptography";
1680      }
1681      notification certificate-expiration {
1682        description
1683          "A notification indicating that the configured certificate
1684           is either about to expire or has already expired. When to
1685           send notifications is an implementation specific decision,
1686           but it is RECOMMENDED that a notification be sent once a
1687           month for 3 months, then once a week for four weeks, and
1688           then once a day thereafter until the issue is resolved.";
1689        leaf expiration-date {
1690          type yang:date-and-time;
1691          mandatory true;
1692          description
1693            "Identifies the expiration date on the certificate.";
1694        }
1695      }
1696    }

1698    grouping trust-anchor-certs-grouping {
1699      description
1700        "A list of trust anchor certificates, and a notification
1701         for when one is about to (or already has) expire.";
1702      leaf-list cert {
1703        nacm:default-deny-write;
1704        type trust-anchor-cert-cms;
1705        description
1706          "The binary certificate data for this certificate.";
1707        reference
1708          "RFC YYYY: Common YANG Data Types for Cryptography";
1709      }
1710      notification certificate-expiration {
1711        description
1712          "A notification indicating that the configured certificate
1713           is either about to expire or has already expired. When to
1714           send notifications is an implementation specific decision,
1715           but it is RECOMMENDED that a notification be sent once a
1716           month for 3 months, then once a week for four weeks, and
1717           then once a day thereafter until the issue is resolved.";
1718        leaf expiration-date {
1719          type yang:date-and-time;
1720          mandatory true;
1721          description
1722            "Identifies the expiration date on the certificate.";
1723        }
1724      }
1725    }

1727    grouping end-entity-cert-grouping {
1728      description
1729        "An end entity certificate, and a notification for when
1730         it is about to (or already has) expire. Implementations
1731         SHOULD assert that, where used, the end entity certificate
1732         contains the expected public key.";
1733      leaf cert {
1734        nacm:default-deny-write;
1735        type end-entity-cert-cms;
1736        description
1737          "The binary certificate data for this certificate.";
1738        reference
1739          "RFC YYYY: Common YANG Data Types for Cryptography";
1740      }
1741      notification certificate-expiration {
1742        description
1743          "A notification indicating that the configured certificate
1744           is either about to expire or has already expired. When to
1745           send notifications is an implementation specific decision,
1746           but it is RECOMMENDED that a notification be sent once a
1747           month for 3 months, then once a week for four weeks, and
1748           then once a day thereafter until the issue is resolved.";
1749        leaf expiration-date {
1750          type yang:date-and-time;
1751          mandatory true;
1752          description
1753            "Identifies the expiration date on the certificate.";
1754        }
1755      }
1756    }

1758    grouping end-entity-certs-grouping {
1759      description
1760        "A list of end entity certificates, and a notification for
1761         when one is about to (or already has) expire.";
1762      leaf-list cert {
1763        nacm:default-deny-write;
1764        type end-entity-cert-cms;
1765        description
1766          "The binary certificate data for this certificate.";
1767        reference
1768          "RFC YYYY: Common YANG Data Types for Cryptography";
1769      }
1770      notification certificate-expiration {
1771        description
1772          "A notification indicating that the configured certificate
1773           is either about to expire or has already expired. When to
1774           send notifications is an implementation specific decision,
1775           but it is RECOMMENDED that a notification be sent once a
1776           month for 3 months, then once a week for four weeks, and
1777           then once a day thereafter until the issue is resolved.";
1778        leaf expiration-date {
1779          type yang:date-and-time;
1780          mandatory true;
1781          description
1782            "Identifies the expiration date on the certificate.";
1784        }
1785      }
1786    }

1788    grouping asymmetric-key-pair-with-cert-grouping {
1789      description
1790        "A private/public key pair and an associated certificate.
1791         Implementations SHOULD assert that certificates contain
1792         the matching public key.";
1793      uses asymmetric-key-pair-grouping;
1794      uses end-entity-cert-grouping;
1795      action generate-certificate-signing-request {
1796        nacm:default-deny-all;
1797        description
1798          "Generates a certificate signing request structure for
1799           the associated asymmetric key using the passed subject
1800           and attribute values. The specified assertions need
1801           to be appropriate for the certificate's use. For
1802           example, an entity certificate for a TLS server
1803           SHOULD have values that enable clients to satisfy
1804           RFC 6125 processing.";
1805        input {
1806          leaf subject {
1807            type binary;
1808            mandatory true;
1809            description
1810              "The 'subject' field per the CertificationRequestInfo
1811               structure as specified by RFC 2986, Section 4.1
1812               encoded using the ASN.1 distinguished encoding
1813               rules (DER), as specified in ITU-T X.690.";
1814            reference
1815              "RFC 2986:
1816                 PKCS #10: Certification Request Syntax
1817                           Specification Version 1.7.
1818               ITU-T X.690:
1819                 Information technology - ASN.1 encoding rules:
1820                 Specification of Basic Encoding Rules (BER),
1821                 Canonical Encoding Rules (CER) and Distinguished
1822                 Encoding Rules (DER).";
1823          }
1824          leaf attributes {
1825            type binary; // FIXME: does this need to be mandatory?
1826            description
1827              "The 'attributes' field from the structure
1828               CertificationRequestInfo as specified by RFC 2986,
1829               Section 4.1 encoded using the ASN.1 distinguished
1830               encoding rules (DER), as specified in ITU-T X.690.";
1831            reference
1832              "RFC 2986:
1833                 PKCS #10: Certification Request Syntax
1834                           Specification Version 1.7.
1835               ITU-T X.690:
1836                 Information technology - ASN.1 encoding rules:
1837                 Specification of Basic Encoding Rules (BER),
1838                 Canonical Encoding Rules (CER) and Distinguished
1839                 Encoding Rules (DER).";
1840          }
1841        }
1842        output {
1843          leaf certificate-signing-request {
1844            type binary;
1845            mandatory true;
1846            description
1847              "A CertificationRequest structure as specified by
1848               RFC 2986, Section 4.2 encoded using the ASN.1
1849               distinguished encoding rules (DER), as specified
1850               in ITU-T X.690.";
1851            reference
1852              "RFC 2986:
1853                 PKCS #10: Certification Request Syntax
1854                           Specification Version 1.7.
1855               ITU-T X.690:
1856                 Information technology - ASN.1 encoding rules:
1857                 Specification of Basic Encoding Rules (BER),
1858                 Canonical Encoding Rules (CER) and Distinguished
1859                 Encoding Rules (DER).";
1860          }
1861        }
1862      } // generate-certificate-signing-request
1863    } // asymmetric-key-pair-with-cert-grouping

1865    grouping asymmetric-key-pair-with-certs-grouping {
1866      description
1867        "A private/public key pair and associated certificates.
1868         Implementations SHOULD assert that certificates contain
1869         the matching public key.";
1870      uses asymmetric-key-pair-grouping;
1871      container certificates {
1872        nacm:default-deny-write;
1873        description
1874          "Certificates associated with this asymmetric key.
1875           More than one certificate supports, for instance,
1876           a TPM-protected asymmetric key that has both IDevID
1877           and LDevID certificates associated.";
1878        list certificate {
1879          key "name";
1880          description
1881            "A certificate for this asymmetric key.";
1882          leaf name {
1883            type string;
1884            description
1885              "An arbitrary name for the certificate. If the name
1886               matches the name of a certificate that exists
1887               independently in (i.e., an IDevID),
1888               then the 'cert' node MUST NOT be configured.";
1889          }
1890          uses end-entity-cert-grouping;
1891        }
1892      } // certificates
1893      action generate-certificate-signing-request {
1894        nacm:default-deny-all;
1895        description
1896          "Generates a certificate signing request structure for
1897           the associated asymmetric key using the passed subject
1898           and attribute values. The specified assertions need
1899           to be appropriate for the certificate's use. For
1900           example, an entity certificate for a TLS server
1901           SHOULD have values that enable clients to satisfy
1902           RFC 6125 processing.";
1903        input {
1904          leaf subject {
1905            type binary;
1906            mandatory true;
1907            description
1908              "The 'subject' field per the CertificationRequestInfo
1909               structure as specified by RFC 2986, Section 4.1
1910               encoded using the ASN.1 distinguished encoding
1911               rules (DER), as specified in ITU-T X.690.";
1912            reference
1913              "RFC 2986:
1914                 PKCS #10: Certification Request Syntax
1915                           Specification Version 1.7.
1916               ITU-T X.690:
1917                 Information technology - ASN.1 encoding rules:
1918                 Specification of Basic Encoding Rules (BER),
1919                 Canonical Encoding Rules (CER) and Distinguished
1920                 Encoding Rules (DER).";
1921          }
1922          leaf attributes {
1923            type binary; // FIXME: does this need to be mandatory?
1924            description
1925              "The 'attributes' field from the structure
1926               CertificationRequestInfo as specified by RFC 2986,
1927               Section 4.1 encoded using the ASN.1 distinguished
1928               encoding rules (DER), as specified in ITU-T X.690.";
1929            reference
1930              "RFC 2986:
1931                 PKCS #10: Certification Request Syntax
1932                           Specification Version 1.7.
1933 ITU-T X.690: 1934 Information technology - ASN.1 encoding rules: 1935 Specification of Basic Encoding Rules (BER), 1936 Canonical Encoding Rules (CER) and Distinguished 1937 Encoding Rules (DER)."; 1938 } 1939 } 1940 output { 1941 leaf certificate-signing-request { 1942 type binary; 1943 mandatory true; 1944 description 1945 "A CertificationRequest structure as specified by 1946 RFC 2986, Section 4.2 encoded using the ASN.1 1947 distinguished encoding rules (DER), as specified 1948 in ITU-T X.690."; 1949 reference 1950 "RFC 2986: 1951 PKCS #10: Certification Request Syntax 1952 Specification Version 1.7. 1953 ITU-T X.690: 1954 Information technology - ASN.1 encoding rules: 1955 Specification of Basic Encoding Rules (BER), 1956 Canonical Encoding Rules (CER) and Distinguished 1957 Encoding Rules (DER)."; 1958 } 1959 } 1960 } // generate-certificate-signing-request 1961 } // asymmetric-key-pair-with-certs-grouping 1962 } 1964 1966 3. Security Considerations 1968 3.1. Support for Algorithms 1970 In order to use YANG identities for algorithm identifiers, only the 1971 most commonly used RSA key lengths are supported for the RSA 1972 algorithm. Additional key lengths can be defined in another module 1973 or added into a future version of this document. 1975 This document limits the number of elliptical curves supported. This 1976 was done to match industry trends and IETF best practice (e.g., 1977 matching work being done in TLS 1.3). If additional algorithms are 1978 needed, they can be defined by another module or added into a future 1979 version of this document. 1981 3.2. No Support for CRMF 1983 This document uses PKCS #10 [RFC2986] for the "generate-certificate- 1984 signing-request" action. The use of Certificate Request Message 1985 Format (CRMF) [RFC4211] was considered, but is was unclear if there 1986 was market demand for it. If it is desired to support CRMF in the 1987 future, a backwards compatible solution can be defined at that time. 1989 3.3. 
Access to Data Nodes 1991 The YANG module in this document defines "grouping" statements that 1992 are designed to be accessed via YANG based management protocols, such 1993 as NETCONF [RFC6241] and RESTCONF [RFC8040]. Both of these protocols 1994 have mandatory-to-implement secure transport layers (e.g., SSH, TLS) 1995 with mutual authentication. 1997 The NETCONF access control model (NACM) [RFC8341] provides the means 1998 to restrict access for particular users to a pre-configured subset of 1999 all available protocol operations and content. 2001 Since the module in this document only define groupings, these 2002 considerations are primarily for the designers of other modules that 2003 use these groupings. 2005 There are a number of data nodes defined by the grouping statements 2006 that are writable/creatable/deletable (i.e., config true, which is 2007 the default). Some of these data nodes may be considered sensitive 2008 or vulnerable in some network environments. Write operations (e.g., 2009 edit-config) to these data nodes without proper protection can have a 2010 negative effect on network operations. These are the subtrees and 2011 data nodes and their sensitivity/vulnerability: 2013 *: All of the data nodes defined by all the groupings are 2014 considered sensitive to write operations. For instance, the 2015 modification of a public key or a certificate can dramatically 2016 alter the implemented security policy. For this reason, the 2017 NACM extension "default-deny-write" has been applied to all the 2018 data nodes defined by all the groupings. 2020 Some of the readable data nodes in the YANG module may be considered 2021 sensitive or vulnerable in some network environments. It is thus 2022 important to control read access (e.g., via get, get-config, or 2023 notification) to these data nodes. 
These are the subtrees and data 2024 nodes and their sensitivity/vulnerability: 2026 /private-key: The "private-key" node defined in the "asymmetric- 2027 key-pair-grouping" grouping is additionally sensitive to read 2028 operations such that, in normal use cases, it should never be 2029 returned to a client. For this reason, the NACM extension 2030 "default-deny-all" has been applied to it here. 2032 Some of the operations in this YANG module may be considered 2033 sensitive or vulnerable in some network environments. It is thus 2034 important to control access to these operations. These are the 2035 operations and their sensitivity/vulnerability: 2037 *: All of the "action" statements defined by groupings SHOULD only 2038 be executed by authorized users. For this reason, the NACM 2039 extension "default-deny-all" has been applied to all of them. 2040 Note that NACM uses "default-deny-all" to protect "RPC" and 2041 "action" statements; it does not define, e.g., an extension 2042 called "default-deny-execute". 2044 generate-certificate-signing-request: For this action, it is 2045 RECOMMENDED that implementations assert channel binding 2046 [RFC5056], so as to ensure that the application layer that sent 2047 the request is the same as the device authenticated when the 2048 secure transport layer was established. 2050 4. IANA Considerations 2052 4.1. The IETF XML Registry 2054 This document registers one URI in the "ns" subregistry of the IETF 2055 XML Registry [RFC3688]. Following the format in [RFC3688], the 2056 following registration is requested: 2058 URI: urn:ietf:params:xml:ns:yang:ietf-crypto-types 2059 Registrant Contact: The NETCONF WG of the IETF. 2060 XML: N/A, the requested URI is an XML namespace. 2062 4.2. The YANG Module Names Registry 2064 This document registers one YANG module in the YANG Module Names 2065 registry [RFC6020]. 
   Following the format in [RFC6020], the following registration is
   requested:

      name:         ietf-crypto-types
      namespace:    urn:ietf:params:xml:ns:yang:ietf-crypto-types
      prefix:       ct
      reference:    RFC XXXX

5.  References

5.1.  Normative References

   [ITU.X690.2015]
              International Telecommunication Union, "Information
              Technology - ASN.1 encoding rules: Specification of Basic
              Encoding Rules (BER), Canonical Encoding Rules (CER) and
              Distinguished Encoding Rules (DER)", ITU-T Recommendation
              X.690, ISO/IEC 8825-1, August 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2404]  Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within
              ESP and AH", RFC 2404, DOI 10.17487/RFC2404, November
              1998.

   [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard (AES)
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 3565, DOI 10.17487/RFC3565, July 2003.

   [RFC3686]  Housley, R., "Using Advanced Encryption Standard (AES)
              Counter Mode With IPsec Encapsulating Security Payload
              (ESP)", RFC 3686, DOI 10.17487/RFC3686, January 2004.

   [RFC4106]  Viega, J. and D. McGrew, "The Use of Galois/Counter Mode
              (GCM) in IPsec Encapsulating Security Payload (ESP)",
              RFC 4106, DOI 10.17487/RFC4106, June 2005.

   [RFC4253]  Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
              Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
              January 2006.

   [RFC4279]  Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key
              Ciphersuites for Transport Layer Security (TLS)",
              RFC 4279, DOI 10.17487/RFC4279, December 2005.

   [RFC4309]  Housley, R., "Using Advanced Encryption Standard (AES) CCM
              Mode with IPsec Encapsulating Security Payload (ESP)",
              RFC 4309, DOI 10.17487/RFC4309, December 2005.

   [RFC4494]  Song, JH., Poovendran, R., and J. Lee, "The AES-CMAC-96
              Algorithm and Its Use with IPsec", RFC 4494,
              DOI 10.17487/RFC4494, June 2006.

   [RFC4543]  McGrew, D. and J. Viega, "The Use of Galois Message
              Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543,
              DOI 10.17487/RFC4543, May 2006.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009.

   [RFC5656]  Stebila, D. and J. Green, "Elliptic Curve Algorithm
              Integration in the Secure Shell Transport Layer",
              RFC 5656, DOI 10.17487/RFC5656, December 2009.

   [RFC6187]  Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure
              Shell Authentication", RFC 6187, DOI 10.17487/RFC6187,
              March 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7919]  Gillmor, D., "Negotiated Finite Field Diffie-Hellman
              Ephemeral Parameters for Transport Layer Security (TLS)",
              RFC 7919, DOI 10.17487/RFC7919, August 2016.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8268]  Baushke, M., "More Modular Exponentiation (MODP)
              Diffie-Hellman (DH) Key Exchange (KEX) Groups for Secure
              Shell (SSH)", RFC 8268, DOI 10.17487/RFC8268, December
              2017.

   [RFC8332]  Bider, D., "Use of RSA Keys with SHA-256 and SHA-512 in
              the Secure Shell (SSH) Protocol", RFC 8332,
              DOI 10.17487/RFC8332, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8422]  Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic
              Curve Cryptography (ECC) Cipher Suites for Transport Layer
              Security (TLS) Versions 1.2 and Earlier", RFC 8422,
              DOI 10.17487/RFC8422, August 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

5.2.  Informative References

   [RFC2986]  Nystrom, M. and B. Kaliski, "PKCS #10: Certification
              Request Syntax Specification Version 1.7", RFC 2986,
              DOI 10.17487/RFC2986, November 2000.

   [RFC3174]  Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1
              (SHA1)", RFC 3174, DOI 10.17487/RFC3174, September 2001.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              DOI 10.17487/RFC4211, September 2005.

   [RFC4493]  Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
              AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
              2006.

   [RFC5056]  Williams, N., "On the Use of Channel Bindings to Secure
              Channels", RFC 5056, DOI 10.17487/RFC5056, November 2007.

   [RFC5915]  Turner, S. and D. Brown, "Elliptic Curve Private Key
              Structure", RFC 5915, DOI 10.17487/RFC5915, June 2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6125]  Saint-Andre, P. and J. Hodges, "Representation and
              Verification of Domain-Based Application Service Identity
              within Internet Public Key Infrastructure Using X.509
              (PKIX) Certificates in the Context of Transport Layer
              Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March
              2011.

   [RFC6234]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and SHA-based HMAC and HKDF)", RFC 6234,
              DOI 10.17487/RFC6234, May 2011.

   [RFC6239]  Igoe, K., "Suite B Cryptographic Suites for Secure Shell
              (SSH)", RFC 6239, DOI 10.17487/RFC6239, May 2011.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6507]  Groves, M., "Elliptic Curve-Based Certificateless
              Signatures for Identity-Based Encryption (ECCSI)",
              RFC 6507, DOI 10.17487/RFC6507, February 2012.

   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
              "PKCS #1: RSA Cryptography Specifications Version 2.2",
              RFC 8017, DOI 10.17487/RFC8017, November 2016.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8439]  Nir, Y. and A. Langley, "ChaCha20 and Poly1305 for IETF
              Protocols", RFC 8439, DOI 10.17487/RFC8439, June 2018.

Appendix A.  Examples

A.1.  The "asymmetric-key-pair-with-certs-grouping" Grouping

   The following example module has been constructed to illustrate use
   of the "asymmetric-key-pair-with-certs-grouping" grouping defined in
   the "ietf-crypto-types" module.

   Note that the "asymmetric-key-pair-with-certs-grouping" grouping uses
   both the "asymmetric-key-pair-grouping" and
   "end-entity-cert-grouping" groupings, and that the
   "asymmetric-key-pair-grouping" grouping uses the
   "public-key-grouping" grouping.  Thus, a total of four of the five
   groupings defined in the "ietf-crypto-types" module are illustrated
   through the use of this one grouping.  The only grouping not
   represented is the "trust-anchor-cert-grouping" grouping.

     module ex-crypto-types-usage {
       yang-version 1.1;

       namespace "http://example.com/ns/example-crypto-types-usage";
       prefix "ectu";

       import ietf-crypto-types {
         prefix ct;
         reference
           "RFC XXXX: Common YANG Data Types for Cryptography";
       }

       organization
         "Example Corporation";

       contact
         "Author: YANG Designer ";

       description
         "This module illustrates the grouping
          defined in the crypto-types draft called
          'asymmetric-key-pair-with-certs-grouping'.";

       revision "1001-01-01" {
         description
           "Initial version";
         reference
           "RFC ????: Usage Example for RFC XXXX";
       }

       container keys {
         description
           "A container of keys.";
         list key {
           key name;
           leaf name {
             type string;
             description
               "An arbitrary name for this key.";
           }
           uses ct:asymmetric-key-pair-with-certs-grouping;
           description
             "An asymmetric key pair with associated certificates.";
         }
       }
     }

   Given the above example usage module, the following example
   illustrates some configured keys.

      ex-key
      rsa2048
      base64encodedvalue==
      base64encodedvalue==

      ex-cert
      base64encodedvalue==

      ex-hidden-key
      rsa2048
      base64encodedvalue==

      ex-hidden-key-cert
      base64encodedvalue==

A.2.  The "generate-certificate-signing-request" Action

   The following example illustrates the
   "generate-certificate-signing-request" action in use with the
   NETCONF protocol.

   REQUEST

      ex-key-sect571r1
      base64encodedvalue==
      base64encodedvalue==

   RESPONSE

      base64encodedvalue==

A.3.  The "certificate-expiration" Notification

   The following example illustrates the "certificate-expiration"
   notification in use with the NETCONF protocol.

      2018-05-25T00:01:00Z
      locally-defined key
      my-cert
      2018-08-05T14:18:53-05:00

Appendix B.  Change Log

B.1.  I-D to 00

   o  Removed groupings and notifications.

   o  Added typedefs for identityrefs.

   o  Added typedefs for other RFC 5280 structures.

   o  Added typedefs for other RFC 5652 structures.

   o  Added convenience typedefs for RFC 4253, RFC 5280, and RFC 5652.

B.2.  00 to 01

   o  Moved groupings from the draft-ietf-netconf-keystore here.

B.3.  01 to 02

   o  Removed unwanted "mandatory" and "must" statements.

   o  Added many new crypto algorithms (thanks Haiguang!)

   o  Clarified in asymmetric-key-pair-with-certs-grouping, in
      certificates/certificate/name/description, that the name MUST
      NOT match the name of a certificate that exists independently in
      , enabling certs installed by the manufacturer (e.g., an IDevID).

B.4.  02 to 03

   o  renamed base identity 'asymmetric-key-encryption-algorithm' to
      'asymmetric-key-algorithm'.

   o  added new 'asymmetric-key-algorithm' identities for secp192r1,
      secp224r1, secp256r1, secp384r1, and secp521r1.

   o  removed 'mac-algorithm' identities for mac-aes-128-ccm,
      mac-aes-192-ccm, mac-aes-256-ccm, mac-aes-128-gcm,
      mac-aes-192-gcm, mac-aes-256-gcm, and mac-chacha20-poly1305.

   o  for all -cbc and -ctr identities, renamed base identity
      'symmetric-key-encryption-algorithm' to 'encryption-algorithm'.

   o  for all -ccm and -gcm identities, renamed base identity
      'symmetric-key-encryption-algorithm' to
      'encryption-and-mac-algorithm' and renamed the identity to remove
      the "enc-" prefix.

   o  for all the 'signature-algorithm' based identities, renamed from
      'rsa-*' to 'rsassa-*'.

   o  removed all of the "x509v3-" prefixed 'signature-algorithm' based
      identities.

   o  added 'key-exchange-algorithm' based identities for 'rsaes-oaep'
      and 'rsaes-pkcs1-v1_5'.

   o  renamed typedef 'symmetric-key-encryption-algorithm-ref' to
      'symmetric-key-algorithm-ref'.

   o  renamed typedef 'asymmetric-key-encryption-algorithm-ref' to
      'asymmetric-key-algorithm-ref'.

   o  added typedef 'encryption-and-mac-algorithm-ref'.

   o  Updated copyright date, boilerplate template, affiliation, and
      folding algorithm.

B.5.  03 to 04

   o  ran YANG module through formatter.

B.6.  04 to 05

   o  fixed broken symlink causing reformatted YANG module to not show.

B.7.  05 to 06

   o  Added NACM annotations.

   o  Updated Security Considerations section.

   o  Added 'asymmetric-key-pair-with-cert-grouping' grouping.

   o  Removed text from 'permanently-hidden' enum regarding such keys
      not being backed up or restored.

   o  Updated the boilerplate text in module-level "description"
      statement to match copyeditor convention.

   o  Added an explanation to the 'public-key-grouping' and
      'asymmetric-key-pair-grouping' statements as to why the nodes are
      not mandatory (e.g., because they may exist only in .

   o  Added 'must' expressions to the 'public-key-grouping' and
      'asymmetric-key-pair-grouping' statements ensuring sibling nodes
      either all exist or all do not exist.

   o  Added an explanation to the 'permanently-hidden' that the value
      cannot be configured directly by clients and servers MUST fail any
      attempt to do so.

   o  Added 'trust-anchor-certs-grouping' and
      'end-entity-certs-grouping' (the plural form of existing
      groupings).

   o  Now states that keys created in by the *-hidden-key actions are
      bound to the lifetime of the parent 'config true' node, and that
      subsequent invocations of either action result in a failure.

B.8.  06 to 07

   o  Added clarifications that implementations SHOULD assert that
      configured certificates contain the matching public key.

   o  Replaced the 'generate-hidden-key' and 'install-hidden-key'
      actions with special 'crypt-hash' -like input/output values.

B.9.  07 to 08

   o  Removed the 'generate-key' and 'hidden-key' features.

   o  Added grouping symmetric-key-grouping

   o  Modified 'asymmetric-key-pair-grouping' to have a 'choice'
      statement for the keystore module to augment into, as well as
      replacing the 'union' with leafs (having different NACM settings).

B.10.  08 to 09

   o  Converting algorithm from identities to enumerations.

Acknowledgements

   The authors would like to thank the following for lively discussions
   on list and in the halls (ordered by last name): Martin Bjorklund,
   Nick Hancock, Balazs Kovacs, Juergen Schoenwaelder, Eric Voit, and
   Liang Xia.

Authors' Addresses

   Kent Watsen
   Watsen Networks

   EMail: kent+ietf@watsen.net

   Wang Haiguang
   Huawei

   EMail: wang.haiguang.shieldlab@huawei.com
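
The NACM defaults described under "Access to Data Nodes" in the Security Considerations, modelled over the node names of the Appendix A.1 example module. This is an added example, not part of the draft: it simplifies RFC 8341 to one ordered rule list with subtree path matching, and the group name "key-admins" and the prefix-free paths are assumptions.

```python
from dataclasses import dataclass

# NACM extensions the draft says are applied to the grouping nodes.
# Paths follow the Appendix A.1 example module, simplified (assumption:
# no prefixes or list keys; "name" is the example module's own leaf).
ANNOTATIONS = {
    "/keys/key/public-key": "default-deny-write",
    "/keys/key/private-key": "default-deny-all",
}
PATHS = ["/keys/key/name", "/keys/key/public-key", "/keys/key/private-key"]


@dataclass(frozen=True)
class Rule:
    group: str       # NACM group the rule applies to
    path: str        # matches this node and all of its descendants
    ops: frozenset   # subset of {"read", "write"}
    action: str      # "permit" or "deny"


def decide(groups, path, op, rules, read_default="permit", write_default="deny"):
    """Return "permit" or "deny" for one data-node access (simplified RFC 8341)."""
    # 1. The first matching rule wins, whatever the node's annotation says.
    for rule in rules:
        covers = path == rule.path or path.startswith(rule.path + "/")
        if rule.group in groups and op in rule.ops and covers:
            return rule.action
    # 2. No rule matched: the node-level extension overrides global defaults.
    ext = ANNOTATIONS.get(path)
    if ext == "default-deny-all" or (ext == "default-deny-write" and op == "write"):
        return "deny"
    # 3. Otherwise the global read-default / write-default applies.
    return read_default if op == "read" else write_default


def effective_access(groups, rules, **defaults):
    """Map each example path to its (read, write) decision for these groups."""
    return {p: (decide(groups, p, "read", rules, **defaults),
                decide(groups, p, "write", rules, **defaults)) for p in PATHS}


# Constructed rule sets (hypothetical group name "key-admins").
BROAD = [Rule("key-admins", "/keys", frozenset({"read", "write"}), "permit")]
SCOPED = [Rule("key-admins", "/keys/key/private-key",
               frozenset({"read"}), "deny")] + BROAD

if __name__ == "__main__":
    for label, groups, rules in [("no rules", {"operators"}, []),
                                 ("broad permit", {"key-admins"}, BROAD),
                                 ("deny first", {"key-admins"}, SCOPED)]:
        print(label, effective_access(groups, rules, write_default="permit"))
```

Even with write-default loosened to "permit", the annotated nodes stay denied until a rule matches. A broad permit rule on the whole subtree makes "private-key" readable to that group unless a deny rule is placed ahead of it.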